
Rewterz Threat Alert – WinPot Malware Turns ATM into a Slot Machine

February 25, 2020

Severity

High

Analysis Summary

WinPot ATM malware has affected more than 120 ATMs, and the number of victims is growing. Jackpotting commonly refers to attacks in which cybercriminals force an automated teller machine to dispense cash. WinPot can make the “ATM game” a sure-fire win, which could explain the first part of the name. The software helps criminals pick and empty the ATM’s most lucrative cash-dispensing cassette. Its slot-machine-style windows display each cassette’s bill denomination and the number of bills inside the cassette. All the mule needs to do is select the cassette with the most money in it and press Spin. The Scan button can be used to recount the bills. WinPot’s creators also provided an emergency Stop button that lets the mule cut the payout short before raising suspicion.

Impact

  • ATM turns into a slot machine
  • Financial loss

Indicators of Compromise

MD5

fdb6abf130e03539e962ea92db71d2b8
76ad9b03c32c3b5be03acafef937b0d7

SHA-256

acc9be34ac6effb6a87cd5110f68e7c59a982f44fa53619a07e5c67da1b99a53
fc7fb41d47409efea69ed59c791b7d4144f92f6f3ed9834742db82dd779084e6

SHA1

9983a6c013d11089e2ed2af4d3df1ac14fa86db5
ab1805fd3185c4635c0c4ca4a1ae7e7f5a3e48a4

Remediation

  • Block the threat indicators at their respective controls.
  • Activate text-message notifications about withdrawals and transfers.
  • Keep all software associated with transactions updated to the latest patched versions.